On Wed, 2010-11-24 at 21:30 +0100, Moritz Muehlenhoff wrote:
> Please unblock package openjdk-6. It fixes CVE-2010-3860.

It also FTBFS on a couple of architectures so far (although the ia64
failure looks to be one of the recent tar issues, rather than an openjdk
issue).

From the description of the CVE in upstream's changelog / NEWS files I
can spot some of the changes which were involved in fixing the security
issue, but the (undocumented afaics) change to bundling CACAO rather
than using the cacao-source package during build means that even a diff
filtered to remove build system noise, documentation, etc. comes to

 848 files changed, 334186 insertions(+), 160 deletions(-)

which there's clearly no way to sanely review; it's probably worth
comparing that to the old cacao-source to see how significant the diff
there is, but I haven't had time to do that yet.

Regards,

Adam



